def test_secret(db, config, encrypt):
"""
If encryption is enabled, ensure that:
* secrets are encrypted.
* secrets are decrypted correctly on retrieval.
* secrets are bytes.
"""
config["ENCRYPT_SECRETS"] = encrypt
bytes_secret = b"\xff\x00\xf1"
unicode_secret = u"foo\u00a0"
secret = Secret()
secret.type = "password"
secret.secret = bytes_secret
db.session.add(secret)
db.session.commit()
secret = db.session.query(Secret).get(secret.id)
if encrypt:
assert secret._secret != bytes_secret, "secret is not encrypted"
else:
assert secret._secret == bytes_secret
assert secret.secret == bytes_secret, "secret not decrypted correctly"
secret.secret = unicode_secret
assert secret.secret == unicode_secret.encode("utf8")
def test_secret(db, config, encrypt):
"""
If encryption is enabled, ensure that:
* secrets are encrypted.
* secrets are decrypted correctly on retrieval.
* secrets are bytes.
"""
config['ENCRYPT_SECRETS'] = encrypt
bytes_secret = b'\xff\x00\xf1'
unicode_secret = u'foo\u00a0'
secret = Secret()
secret.type = 'password'
secret.secret = bytes_secret
db.session.add(secret)
db.session.commit()
secret = db.session.query(Secret).get(secret.id)
if encrypt:
assert secret._secret != bytes_secret, 'secret is not encrypted'
else:
assert secret._secret == bytes_secret
assert secret.secret == bytes_secret, 'secret not decrypted correctly'
with pytest.raises(TypeError) as e:
secret.secret = unicode_secret
assert e.typename == 'TypeError', 'secret cannot be unicode'
def set_secret(self, secret_type, secret_value):
# type: (SecretType, bytes) -> None
if not self.secret:
self.secret = Secret()
self.secret.type = secret_type.value
self.secret.secret = secret_value
def imap_password(self, value):
# type: (Union[str, bytes]) -> None
value = self.valid_password(value) # type: bytes
if not self.imap_secret:
self.imap_secret = Secret()
self.imap_secret.secret = value
self.imap_secret.type = "password"
def refresh_token(self, value):
# Must be a valid UTF-8 byte sequence without NULL bytes.
if isinstance(value, unicode):
value = value.encode('utf-8')
try:
unicode(value, 'utf-8')
except UnicodeDecodeError:
raise ValueError('Invalid refresh_token')
if b'\x00' in value:
raise ValueError('Invalid refresh_token')
if not self.refresh_token_secret:
self.refresh_token_secret = Secret()
self.refresh_token_secret.secret = value
self.refresh_token_secret.type = 'token'
def set_secret(self, secret_type, secret_value):
if not self.secret:
self.secret = Secret()
self.secret.type = secret_type.value
self.secret.secret = secret_value
def smtp_password(self, value):
value = self.valid_password(value)
if not self.smtp_secret:
self.smtp_secret = Secret()
self.smtp_secret.secret = value
self.smtp_secret.type = "password"
def imap_password(self, value):
value = self.valid_password(value)
if not self.imap_secret:
self.imap_secret = Secret()
self.imap_secret.secret = value
self.imap_secret.type = 'password'
def put(self, value, type=0, acl=0):
with session_scope() as db_session:
secret = Secret(secret=value, type=type, acl_id=acl)
db_session.add(secret)
db_session.commit()
return secret.id